Penetration Testing mailing list archives
Re: How to pick the right company for penetration testing?
From: wjnorth <wjnorth () earthlink net>
Date: Fri, 30 Jan 2004 09:36:58 -0800
Hmm...I don't think I said that those tools were penetration testing tools, I do believe I said they were vulnerability scanners, of which one can use to perform pen tests. I think you flamed the wrong person. Thanks for the misdirected correction though, as quite a few people confuse the two. ;-)
-Wes At 03:51 PM 1/30/2004 +0100, Frederic Charpentier wrote:
Hi. Qualys, Nessus are not a pentest : it's a vulnerability scan. Please, don't use "pentest" to describe these kind of services. Fred On Wed, 28 Jan 2004 15:04:22 -0800 wjnorth <wjnorth () earthlink net> wrote: > Good catch there. In my opinion one can't rely on a single > vulnerability scanner, which is why I typically use 2 or 3, Nessus for > open source then some foo-foo commercial tool to validate and > invalidate findings. Additionally, depending on what you are testing, > there are a ton of application level scanners for Database, Web, App > and such the like. There is no "leader" in any area, at most each tool > validates the other, I've yet to rely solely on a single tool as the > end-all-solution. > > -Wes > Sr. Information Security Engineer > > At 10:24 AM 1/27/2004 -0500, Eric Greenberg wrote: > >That's a bold statement "leader in the space." I don't believe there > >is a single leader in the penetration testing space, there are > >choices. Answering his question about credentials, information, > >references might be less subjective. > > > >Regards, > > > >Eric Greenberg > >Chief Technical Officer > >NetFrameworks, Inc. > >http://www.NetFrameworks.com > > > >-----Original Message----- > >From: Gideon Rasmussen, CISSP, CFSO, CFSA, SCSA > >[mailto:gideon () infostruct net] > >Sent: Monday, January 26, 2004 9:03 PM > >To: pen-test () securityfocus com > >Cc: aoyt78 () dsl pipex com > >Subject: How to pick the right company for penetration testing? > > > > > >Andy, > > > >You should investigate vulnerability scanning services. The leader in > >the space is Qualys > > > > >>>>>>>>>>>>>>>>>>>>> the poster's original question > >I'm in a position to recommend a company and would like to know, what > >credentials/information/references should I ask for from a company > >who offers such services. > > > > > > > > > >-------------------------------------------------------------------- > >-------------------------------------------------------------------- > >--------------- > > > > > > > > > >-------------------------------------------------------------------- > >-------------------------------------------------------------------- > >--------------- > > > > > >-------------------------------------------------------------------- > >-------------------------------------------------------------------- > >--------------- > > > --------------------------------------------------------------------- > --------------------------------------------------------------------- > -------------
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- How to pick the right company for penetration testing? Andy Paton (Jan 25)
- Re: How to pick the right company for penetration testing? Nexus (Jan 25)
- RE: How to pick the right company for penetration testing? Pete Herzog (Jan 26)
- Re: How to pick the right company for penetration testing? Nexus (Jan 26)
- RE: How to pick the right company for penetration testing? Pete Herzog (Jan 26)
- <Possible follow-ups>
- RE: How to pick the right company for penetration testing? Carrick, Brian A (Jan 26)
- How to pick the right company for penetration testing? Gideon Rasmussen, CISSP, CFSO, CFSA, SCSA (Jan 27)
- RE: How to pick the right company for penetration testing? Eric Greenberg (Jan 27)
- RE: How to pick the right company for penetration testing? Robert E. Lee (Jan 27)
- RE: How to pick the right company for penetration testing? wjnorth (Jan 29)
- Message not available
- Re: How to pick the right company for penetration testing? wjnorth (Jan 30)
- RE: How to pick the right company for penetration testing? Eric Greenberg (Jan 27)
- Re: How to pick the right company for penetration testing? Nexus (Jan 25)
- RE: How to pick the right company for penetration testing? Cure, Samuel J (Jan 27)
- Re: How to pick the right company for penetration testing? Travis Schack (Jan 28)
- RE: How to pick the right company for penetration testing? Tinus Janse van Rensburg (Jan 28)
- Re: How to pick the right company for penetration testing? Nexus (Jan 29)